Estonian company delivers nuclear cyber security exercise

16 April 2018

Share

Estonian-founded cyber security specialist company Guardtime has planned and executed a custom cyber exercise for the UK's civil nuclear sector.

The exercise, which took place in early February, was run on the Estonian Defence Forces' Cyber Range complemented with industrial control systems simulating a nuclear power plant. Live cyber-attacks were conducted against these systems to provide the participants with an opportunity to exercise "perishable" cyber defence skills, analytical thinking to characterise an ongoing cyber-attack, achieving situational awareness, and communicating with senior management, Meelis Vill, head of digital at Guardtime Estonia, said.

The scenario, which included elements of both cyber and physical security, was developed with support from the Institute for Security and Safety at the Brandenburg University of Applied Sciences and the UK National Cyber Security Centre. Guardtime assembled a multi-national team of experts including Rigel Kent Security and Advisory Services to deliver the cyber-attacks, EclecticIQ to provide a cyber-threat intelligence sharing platform, and Defendec to provide perimeter surveillance cameras.

"Each sector has its own approach to cybersecurity and its own specific risks," Guardtime's head of cyber operations Luc Dandurand said. "A successful exercise requires drawing on the sector's leading experts and adapting to its specific perspective to deliver the right tempo against a realistic, engaging background scenario. Many things come into play for the participants to get the best value, and the key is attention to details and excellence in orchestration."

Kusti Salm, national armaments director at the Estonian Ministry of Defence, said: "It is great to see Estonian companies come together with world experts to address some of the biggest cybersecurity challenges facing critical infrastructure. Cyber exercises conducted on a cyber range can go a long way to help improve preparedness and cyber resilience, which is the focus of governments worldwide given the ever-increasing diversity of cyber threats."